SANS doesn't post malware analysis articles very often, but being SANS you can always expect a certain level of quality. This is a fairly nice overall example of the general steps taken to analyse a Trojan-Downloader that is worthy of reference here.

Reverse Engineering a Windows Screensaver e-Postcard
http://www.sans.org/reading_room/whitepapers/malicious/
http://www.sans.org/reading_room/whitepapers/malicious/reverse_engineering_a_windows_"screensaver"_epostcard_33074


The malware is identified as Pushdo, which references rootkit driver pdb files in a "Siberia2" folder. Unfortunately the rk drivers themselves aren't analysed, but there is some discussion about them elsewhere:

http://www.sophos.com/blogs/sophoslabs/v/post/1564


Rootkit drivers are what intrigues me, this might be an interesting malware to explore further if a sample becomes available...

Cheers,
Kayaker